Free Malware Removal Forum


You have Koobface. Read through this and pay particular attention to this:

Win32/Koobface is a multi-component family of malware used to compromise machines and direct them in various ways at the attacker's will. This could include using the affected machine to distribute additional malware, generate 'pay per click' advertising revenue, steal sensitive data, break captchas, and subvert the affected user's online experience. Its components are varied, but include a worm that spreads by utilizing social networking sites such as Facebook and MySpace.

Please note: Due to the restrictions on Vista, all tools should be started by Right-Click ---> "Run As Administrator"

Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.

After a while, a window will open, with details of what the scans found.

Copy and paste the results into your next reply.

Disable Windows Defender

From your log I can see that you are running Windows Defender. This might interfere with the fixes we are about to do, so we need to disable it. To disable your Windows Defender Real-time Protection:

Open Windows Defender

Click Tools

Click General Settings

Scroll down to Real Time Protection Options

Uncheck Turn on Real Time Protection (recommended)

Close Windows Defender

Note: Once your log is clean you can re-enable Windows Defender Real Time Protection.

ComboFix (by sUBs)

Download ComboFix from any of the links below but rename it to melboy1.exe before saving it to your desktop.

Now STOP your security programs (Antivirus/Antispyware Guards) as they could easily interfere with ComboFix.

#NOTE: To disable Norman Security Suite's On-Access scanner, right-click the System Tray Icon and select "Stop on-access scanner". Further info can be found on page 20 of the user's guide here

Right click on the renamed ComboFix.exe, select Run as Administrator & follow the prompts.

When finished, it will produce a report for you.

Please post the C:\ComboFix.txt so we can continue cleaning the system.

Re-enable all the programs that were disabled during the running of ComboFix

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.

Are you able to update the above program? Is the paid subscription current, or has it expired? If you are not able, or do not want to pay for a subscription, I can recommend some free Anti-virus software.

Disable Windows Defender

From your log I can see that you are running Windows Defender. This might interfere with the fixes we are about to do, so we need to disable it. To disable your Windows Defender Real-time Protection:

Open Windows Defender

Click Tools

Click General Settings

Scroll down to Real Time Protection Options

Uncheck Turn on Real Time Protection (recommended)

Close Windows Defender

Note: Once your log is clean you can re-enable Windows Defender Real Time Protection.

COMBOFIX-Script

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

#NOTE: To disable Norman Security Suite's On-Access scanner, right-click the System Tray Icon and select "Stop on-access scanner". Further info can be found on page 20 of the user's guide here

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.

In your next reply:

combofix.txt

Norman virus control subscription information

A fresh HijackThis log (Run As Administrator), and a description of how the computer is running now.

Thanks for the compliments skautroll. We still have some more work to do yet though.

Sun Java

Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system.

Uninstall Java Programs

Go to start > control panel > programs and features.

Right click on each instance of:

Java(TM) 6 Update 5
Java(TM) 6 Update 7

Click Uninstall & then follow the prompts to remove it.

This entry >> Java(TM) 6 Update 15 << can be left alone as it is currently secure.

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install. All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

Select the option YES, I accept the Terms of Use then click on:

When prompted allow the Add-On/Active X to install.

Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.

Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Now click on:

The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.

When completed the Online Scan will begin automatically.

Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

Now click on:

Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.

Right click on RSIT.exe and select "Run as Administrator" to run it.

Click Continue at the disclaimer screen. RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"... will be reproduced. (It will be maximized.)
